Zeile 6 | Zeile 6 |
---|
* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *
|
* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *
|
* $Id: xmlhttp.php 4117 2008-08-15 15:38:41Z Tikitiki $
| * $Id: xmlhttp.php 5379 2011-02-21 11:06:42Z Tomm $
|
*/
/**
| */
/**
|
Zeile 41 | Zeile 41 |
---|
// Send no cache headers header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
|
// Send no cache headers header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
| header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache");
| header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache");
|
Zeile 335 | Zeile 335 |
---|
xmlhttp_error($lang->edit_time_limit); } }
|
xmlhttp_error($lang->edit_time_limit); } }
|
| // Forum is closed - no editing allowed (for anyone) if($forum['open'] == 0) { xmlhttp_error($lang->no_permission_edit_post); }
|
if($mybb->input['do'] == "get_post") { // Send our headers. header("Content-type: text/xml; charset={$charset}");
|
if($mybb->input['do'] == "get_post") { // Send our headers. header("Content-type: text/xml; charset={$charset}");
|
|
|
$post['message'] = htmlspecialchars_uni($post['message']); // Send the contents of the post.
| $post['message'] = htmlspecialchars_uni($post['message']); // Send the contents of the post.
|
Zeile 356 | Zeile 363 |
---|
xmlhttp_error($lang->invalid_post_code); }
|
xmlhttp_error($lang->invalid_post_code); }
|
$message = strval($_POST['value']);
| $message = strval($mybb->input['value']);
|
if(my_strtolower($charset) != "utf-8") { if(function_exists("iconv"))
| if(my_strtolower($charset) != "utf-8") { if(function_exists("iconv"))
|
Zeile 370 | Zeile 377 |
---|
else if(my_strtolower($charset) == "iso-8859-1") { $message = utf8_decode($message);
|
else if(my_strtolower($charset) == "iso-8859-1") { $message = utf8_decode($message);
|
} }
| } }
|
// Set up posthandler. require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";
|
// Set up posthandler. require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";
|
|
|
// Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $mybb->input['pid'],
| // Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $mybb->input['pid'],
|
Zeile 409 | Zeile 416 |
---|
require_once MYBB_ROOT."inc/class_parser.php"; $parser = new postParser;
|
require_once MYBB_ROOT."inc/class_parser.php"; $parser = new postParser;
|
|
|
$parser_options = array( "allow_html" => $forum['allowhtml'], "allow_mycode" => $forum['allowmycode'],
| $parser_options = array( "allow_html" => $forum['allowhtml'], "allow_mycode" => $forum['allowmycode'],
|
Zeile 519 | Zeile 526 |
---|
if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0) { continue;
|
if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0) { continue;
|
}
| }
|
// Swap username over if we have a registered user if($quoted_post['userusername'])
| // Swap username over if we have a registered user if($quoted_post['userusername'])
|
Zeile 586 | Zeile 593 |
---|
} else if($mybb->input['action'] == "username_availability") {
|
} else if($mybb->input['action'] == "username_availability") {
|
| if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
require_once MYBB_ROOT."inc/functions_user.php"; $username = $mybb->input['value'];
// Fix bad characters $username = trim($username);
|
require_once MYBB_ROOT."inc/functions_user.php"; $username = $mybb->input['value'];
// Fix bad characters $username = trim($username);
|
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
| $username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
|
// Remove multiple spaces from the username $username = preg_replace("#\s{2,}#", " ", $username);
|
// Remove multiple spaces from the username $username = preg_replace("#\s{2,}#", " ", $username);
|
| if(empty($username)) { echo "<fail>{$lang->banned_characters_username}</fail>"; exit; }
|
header("Content-type: text/xml; charset={$charset}");
| header("Content-type: text/xml; charset={$charset}");
|
Zeile 603 | Zeile 621 |
---|
if($banned_username) { echo "<fail>{$lang->banned_username}</fail>";
|
if($banned_username) { echo "<fail>{$lang->banned_username}</fail>";
|
exit;
| exit;
|
}
// Check for certain characters in username (<, >, &, and slashes) if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
|
}
// Check for certain characters in username (<, >, &, and slashes) if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
|
{
| {
|
echo "<fail>{$lang->banned_characters_username}</fail>";
|
echo "<fail>{$lang->banned_characters_username}</fail>";
|
exit; }
| exit; }
|
// Check if the username is actually already in use $query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'"); $user = $db->fetch_array($query);
|
// Check if the username is actually already in use $query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'"); $user = $db->fetch_array($query);
|
|
|
if($user['uid']) {
|
if($user['uid']) {
|
$lang->username_taken = $lang->sprintf($lang->username_taken, $username);
| $lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username));
|
echo "<fail>{$lang->username_taken}</fail>"; exit;
|
echo "<fail>{$lang->username_taken}</fail>"; exit;
|
}
| }
|
else {
|
else {
|
$lang->username_available = $lang->sprintf($lang->username_available, $username);
| $lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username));
|
echo "<success>{$lang->username_available}</success>"; exit; } } else if($mybb->input['action'] == "username_exists") {
|
echo "<success>{$lang->username_available}</success>"; exit; } } else if($mybb->input['action'] == "username_exists") {
|
| if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
require_once MYBB_ROOT."inc/functions_user.php"; $username = $mybb->input['value'];
| require_once MYBB_ROOT."inc/functions_user.php"; $username = $mybb->input['value'];
|
Zeile 649 | Zeile 672 |
---|
if($user['uid']) {
|
if($user['uid']) {
|
$lang->valid_username = $lang->sprintf($lang->valid_username, $username);
| $lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username));
|
echo "<success>{$lang->valid_username}</success>"; exit; } else {
|
echo "<success>{$lang->valid_username}</success>"; exit; } else {
|
$lang->invalid_username = $lang->sprintf($lang->invalid_username, $username);
| $lang->invalid_username = $lang->sprintf($lang->invalid_username, htmlspecialchars_uni($username));
|
echo "<fail>{$lang->invalid_username}</fail>"; exit; }
| echo "<fail>{$lang->invalid_username}</fail>"; exit; }
|
Zeile 673 | Zeile 696 |
---|
); $timecut = TIME_NOW - $mybb->settings['wolcutoff']; $query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
|
); $timecut = TIME_NOW - $mybb->settings['wolcutoff']; $query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
|
$buddy_array = array();
| $online = array(); $offline = array();
|
while($buddy = $db->fetch_array($query)) { $buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
| while($buddy = $db->fetch_array($query)) { $buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
|
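Review bot: In the username_availability branch (hunk at Zeile 593), the added `if(empty($username))` exit sits before the `header("Content-type: text/xml; charset={$charset}");` call, so this one `<fail>` reply goes out without the XML content type and charset that the other replies in the branch get. Moving that header call above the new check would keep every reply from this branch labelled the same way. `empty()` is also true for the string "0", so a username of `0` would be reported as containing banned characters; `if($username === '')` rejects only a blank name after the trim and replace steps. The surrounding if/else-if chain starts and ends outside the lines shown here, so the placement should be confirmed against the full file.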